
RE: [FW1] FW-1 and PPTP



http://www.phoneboy.com/fw1/faq/0321.html


PPTP

Q: How can I make FireWall-1 work with PPTP?

A: You must add a rule permitting access between your PPTP clients and server.
PPTP uses two services:

  - TCP port 1723 for a control session
  - A variation of the GRE protocol (IP Protocol 47) for data.

To create this last service, create the service as a service of type Other.
For the name, use PPTP-Data. In the match field, put:

  ip_p = 47, [22:2,b] = 0x880B

(Note: ip_p = 47 identifies the IP protocol type as GRE. [22:2,b] = 0x880B
identifies the payload protocol as GRE.)

The rules look like this: 
  Source         Destination    Service                   Action
  PPTP-Clients   PPTP-Server    PPTP-Control, PPTP-Data   Accept
  PPTP-Server    PPTP-Clients   PPTP-Control, PPTP-Data   Accept


PPTP will work with Static NAT, but not HIDE NAT. 


> -----Original Message-----
> From: Johnny Trujillo [mailto:[email protected]]
> Sent: Tuesday, January 09, 2001 1:03 PM
> To: [email protected]
> Subject: [FW1] FW-1 and PPTP
> 
> 
> 
> Does anyone there have experience of running MS VPN
> PPTP through FW-1? We have the need to save and print
> to a remote site in a secure way using Terminal Server
> from our site servers to the user's site workstations
> behind a CKP FW-1. They are using NAT and their FW
> blocks their packets from coming to us. Without the VPN
> they can ping and traceroute to us; with PPTP enabled,
> their FW blocks all packets to us. Any solutions,
> suggestions?
> 
> Thank you in advance
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
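
The two services from the FAQ quoted in the reply above, written as a packet classifier (an added example, not part of the original post or the FAQ). It assumes the match offsets count from the start of the IP header and runs on constructed, unfragmented packets; the IHL-aware path goes beyond the FAQ's fixed-offset match to show that a GRE packet carrying IP options falls outside `[22:2,b]`.

```python
import struct

GRE, TCP, PPTP_PORT, PPTP_GRE_TYPE = 47, 6, 1723, 0x880B  # values from the FAQ

def fixed_offset_match(pkt: bytes) -> bool:
    """Literal form of: ip_p = 47, [22:2,b] = 0x880B.
    Assumption: offsets count from the first byte of the IP header."""
    return (len(pkt) >= 24 and pkt[9] == GRE
            and struct.unpack_from("!H", pkt, 22)[0] == PPTP_GRE_TYPE)

def classify(pkt: bytes) -> str:
    """Sort an unfragmented IPv4 packet into the FAQ's two services, honouring IHL."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4              # header length, including any options
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    if pkt[9] == TCP:
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        return "PPTP-Control" if PPTP_PORT in (sport, dport) else "other"
    if pkt[9] == GRE:                      # GRE protocol type is bytes 2-3 of the GRE header
        gre_type = struct.unpack_from("!H", pkt, ihl + 2)[0]
        return "PPTP-Data" if gre_type == PPTP_GRE_TYPE else "other"
    return "other"

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed IPv4 header (documentation addresses, checksum left at 0)."""
    ihl_words = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                      20 + len(options) + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + options + payload

# Constructed sample payloads, not captured traffic.
PPTP_GRE = struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 1)   # enhanced GRE, K+S set, ver 1
PLAIN_GRE = struct.pack("!HH", 0x0000, 0x0800)                     # ordinary GRE carrying IPv4
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, PPTP_PORT, 0, 0, 0x50, 0x02, 8192, 0, 0)

SAMPLES = {
    "control": ipv4(TCP, TCP_SYN),
    "data": ipv4(GRE, PPTP_GRE),
    "data_with_ip_options": ipv4(GRE, PPTP_GRE, options=b"\x01\x01\x01\x00"),
    "other_gre": ipv4(GRE, PLAIN_GRE),
}

def run_samples() -> dict:
    """Return {name: (fixed_offset_match, classify)} for each constructed packet."""
    return {name: (fixed_offset_match(p), classify(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:22} fixed={result[0]!s:5} service={result[1]}")
```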



 
   All contents © 2004 Network Presence, LLC. All rights reserved.